Many modern software systems are built on standard, third-party software platforms, such as Java. Such platforms provide standard and frequently used functionality, which a given application may access through a programmatic interface (API). For example, the Java software platform includes a variety of classes, methods, and utilities including a runtime environment and frequently used functions and data structures for quickly developing and deploying applications.
Often, different parties each implement their own version of a given platform. For example, Blu-ray™ video players are often produced and loaded with a custom version of a given software platform, such as a custom Java platform. To ensure that software applications written to execute on a given platform interoperate properly with versions of the platform written by different parties, it is sometimes desirable to verify that a given platform implementation (test API) exposes at least a minimum set of functionality, as defined by a reference API. Such checking may be referred to as API verification.
The minimum functionality of a given platform may be defined by a specification or reference implementation of the platform. A variety of products is available for determining the conformance of a test API exposed by one platform with a reference API. These include both commercially and freely available products, such as the SigTest tool, which verifies that a given Java platform implementation includes a reference API. Such tools may include a setup step wherein a reference API is defined (e.g., in a reference signature file) and a test phase, wherein a verification tool is executed on a platform under test and, using the reference signature file, determines whether the API exposed by the platform under test (test API) conforms to the given reference API.
To perform the test phase, verification tools, such as SigTest, may use various utilities (e.g., Java Reflection) to discover the members that constitute the API under test. However, if the platform under test is a high-security platform, traditional verification tools may not have sufficient permissions to discover all members of the test API, and may therefore fail. For example, during the test phase, the SigTest tool relies on reflection methods such as getDeclaredClasses(), getDeclaredConstructors(), getDeclaredFields(), and getDeclaredMethods() for discovering the test API. However, in high-security platforms, such methods may require a higher level of permissions than is granted to the SigTest application. Therefore, SigTest and similar tools traditionally fail when attempting to verify whether high-security platforms, such as Java™ high-security sandbox platforms, conform to a given reference API.
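The setup step and test phase described above can be sketched as follows. This is an added example, not code from SigTest or from the original text: the class name `ApiCheck`, the signature string format, and the sample reference set are assumptions made for illustration. It separates a denied discovery (a `SecurityException` from the `getDeclared*` calls) from a genuine conformance failure.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;

public class ApiCheck {
    // Setup step: reference signatures (constructed sample, not SigTest's file format).
    static final Set<String> REFERENCE = new TreeSet<>(Arrays.asList(
        "java.lang.Runnable#run()",
        "java.lang.Runnable#stop()"));   // deliberately absent, to show a miss

    // Test phase: discover the public/protected members a class declares.
    static Set<String> discover(Class<?> c) {
        Set<String> found = new TreeSet<>();
        for (Method m : c.getDeclaredMethods())
            if (exposed(m)) found.add(c.getName() + "#" + m.getName() + params(m.getParameterTypes()));
        for (Constructor<?> k : c.getDeclaredConstructors())
            if (exposed(k)) found.add(c.getName() + "#<init>" + params(k.getParameterTypes()));
        for (Field f : c.getDeclaredFields())
            if (exposed(f)) found.add(c.getName() + "#" + f.getName());
        return found;
    }

    static boolean exposed(Member m) {
        return Modifier.isPublic(m.getModifiers()) || Modifier.isProtected(m.getModifiers());
    }

    static String params(Class<?>[] types) {
        StringBuilder sb = new StringBuilder("(");
        for (int i = 0; i < types.length; i++)
            sb.append(i == 0 ? "" : ",").append(types[i].getName());
        return sb.append(")").toString();
    }

    public static void main(String[] args) {
        try {
            Set<String> missing = new TreeSet<>(REFERENCE);
            missing.removeAll(discover(Runnable.class));
            System.out.println(missing.isEmpty() ? "PASS" : "FAIL, missing: " + missing);
        } catch (SecurityException e) {
            // Thrown when a security manager denies RuntimePermission("accessDeclaredMembers"):
            // the test API could not be enumerated, which is not the same as nonconformance.
            System.out.println("INCONCLUSIVE, discovery denied: " + e.getMessage());
        }
    }
}
```

On a platform without a restrictive security manager, the `catch` branch is never taken and the run reports only the reference members that the test API lacks.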